Package: request-tracker4 / 4.2.8-3

Metadata

Package: request-tracker4
Version: 4.2.8-3
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
layout.diff

config.layout | 29 29 + 0 - 0 !
1 file changed, 29 insertions(+)

 add debian layout (fhs-compatible)

sitemodules.diff

lib/RT/Interface/Web/Handler.pm | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 use rt_sitemodules.pm in lib/rt/interface/web/handler.pm

rt_setup_database_upgrade_basedir.diff

sbin/rt-setup-database.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix relative references to config path

no_testdeps.diff

Makefile.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 don't run the testdeps portion of configuration

sanity check stylesheets_shebang.diff

etc/upgrade/sanity-check-stylesheets.pl | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 add missing interpreter to etc/upgrade/sanity-check-stylesheets.pl

We install these scripts executable, so they need to have a valid
interpreter.

Bug: http://issues.bestpractical.com/Ticket/Display.html?id=18856

debianize_backup_docs.diff

docs/backups.pod | 43 31 + 12 - 0 !
1 file changed, 31 insertions(+), 12 deletions(-)

 customise backup docs for debian

debianize_docs_local.diff

docs/customizing/styling_rt.pod | 6 3 + 3 - 0 !
docs/extending/clickable_links.pod | 4 2 + 2 - 0 !
docs/initialdata.pod | 2 1 + 1 - 0 !
3 files changed, 6 insertions(+), 6 deletions(-)

 reference correct local directory for debian

no_test_web_installer.diff

t/web/installer.t | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 don't test the web installer

The following undiagnosed test failure in the Debian minimal build
environment occurs:

    #   Failed test 'no warnings'
    #   at lib/RT/Test.pm line 1611.
    # There were 2 warning(s)
    #       Previous test 22 'set admin email'
    #       There is no form with the requested fields at t/web/installer.t line 80
    #  at /usr/share/perl5/WWW/Mechanize.pm line 2745
    #       WWW::Mechanize::_warn('There is no form with the requested fields') called at /usr/share/perl5/WWW/Mechanize.pm line 2723
    #       WWW::Mechanize::warn('RT::Test::Web=HASH(0x586d0f0)', 'There is no form with the requested fields') called at /usr/share/perl5/WWW/Mechanize.pm line 1371

However the web installer is not used in the Debian package, so don't
run the test.

fix_lintian_privacy_break_logo_error.diff

share/html/index.html | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 don't include remote image references or redirects in broken install
 page

This fixes the lintian error privacy-breach-logo

debianize_UPGRADING 4.2.diff

docs/UPGRADING-4.2 | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 debianize upgrading-4.2

font_path.diff

etc/RT_Config.pm.in | 8 4 + 4 - 0 !
lib/RT.pm | 3 2 + 1 - 0 !
lib/RT/Generated.pm.in | 1 1 + 0 - 0 !
3 files changed, 7 insertions(+), 5 deletions(-)

 use the configured font path (from layout), rather than hardcoding
 it

RT already allows configuring an explicit font path; respect it.

Fixes I#29794.

Bug: http://issues.bestpractical.com/Ticket/Display.html?id=29794
Bug-Debian: http://bugs.debian.org/746150

assettracker sysgroups.diff

etc/upgrade/4.1.0/schema.SQLite | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 fix upgrade problems caused by an rtx::assettracker installation bug

The setup of the wheezy rt4-extension-assettracker package
(RTx::AssetTracker 2.0.0b2) accidentally inserted two pairs of system role
accounts, causing upgrade failures on SQLite backends due to uniqueness
constraint violations.

Bug-Debian: https://bugs.debian.org/773343

sec 2015 02 05 1.diff

lib/RT.pm | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 hide utf8 warnings during attempted decoding

EncodeFromToWithCroak is used to exploratorily attempt to decode unknown
byte strings.  This operation, under Encode::FB_DEFAULT, may generate
warnings -- lots of warnings.  This can lead to denial of service in
some situations.  This vulnerability has been assigned CVE-2014-9472.

Unfortunately, "no warnings 'utf8'" does not work to quiet them until
Encode 2.64; simply skip warnings of this type in the logging handler.

sec 2015 02 05 2.diff

share/html/Search/Elements/ResultsRSSView | 9 8 + 1 - 0 !
1 file changed, 8 insertions(+), 1 deletion(-)

 prevent text content from being interpreted as html by rss clients

The ->Content method is used to obtain the data to use in the RSS
<description> tag.  However, most RSS feed readers display the contents
of the <description> tag using a HTML rendering engine; this allows
textual content to be mistakenly rendered as HTML.  This specifically
includes links, which RSS readers may not hide the "Referer" header of,
exposing the RSS feed URL and thus allowing for information disclosure.
This vulnerability has been assigned CVE-2015-1165.

Escape the textual content so that it is not interpreted as HTML by RSS
readers.  This is superior to requesting ->Content( Type => "text/html" )
because it is guaranteed to not contain links, and thus not suffer from
the above Referer disclosure.

sec 2015 02 05 3.diff

share/html/Search/Elements/ResultsRSSView | 11 4 + 7 - 0 !
1 file changed, 4 insertions(+), 7 deletions(-)

 never place the temporary current user in the session